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Thousands of websites, including government sites in the United States, 
the U.K., and Australia, were ensnared in an international cryptojacking 
scheme, The Register reports: 

The affected sites all use a fairly popular plugin called Browsealoud, 
made by Brit biz Texthelp, which reads out webpages for blind or 
partially sighted people. 

This technology was compromised in some way—either by hackers or 
rogue insiders altering Browsealoud’s source code—to silently inject 
Coinhive’s Monero miner into every webpage offering Browsealoud. 

For several hours today, anyone who visited a site that embedded 
Browsealoud inadvertently ran this hidden mining code on their 
computer, generating money for the miscreants behind the caper. 
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The nearly 4,300 websites impacted included the U.S. Federal Court 
system, City University of New York, and the U.K.’s National Health 
Service (NHS). Notably, the sites themselves were not breached; 
hackers delivered the malware by compromising the popular 
Browsealoud plugin. As of this writing, the developers of Browsealoud 
have not determined how their code was hacked. 


Cryptojacking Attacks Getting More Frequent & Sophisticated 

Cryptojacking, which employs crypto-mining malware to covertly (and 
illegally) co-opt CPU resources to “mine” cryptocurrencies like Monero, 
is on track to becoming a bigger threat to enterprises than ransomware. 
There are two ways in which cryptojacking attacks can occur: 

The first attack vector uses a script injected into a website or in content 
delivered to multiple websites, such as ads or plugins. No code is stored 
on victims’ computers; the malware runs only while the visitor has the 
infected website tab or ad pop-up open. This is the type of attack vector 
used in the Browsealoud hack and the cryptojacking advertisements 
recently discovered running on YouTube. 
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If your organization’s website is cryptojacked, your site visitors’ 
computer hardware is put to work making money for cyber criminals. 
Whenever your employees visit a cryptojacked site, they’re the ones put 
to work for the cyber criminals; additionally, the cryptojacking malware 
eats up their machines’ resources, slowing their systems, decreasing 
their productivity, and potentially tying up your IT department with 
complaints about system sluggishness. 

The second method of attack is to install crypto-mining malware on 
victims’ computers that runs in the background, sucking up resources 
unbeknownst to the victims. Usually, this happens through a phishing 
scheme, but a new cryptojacking variant called WannaMine, which 
specifically targets enterprise systems, also employs the credential 
harvester Mimikatz to crack weak user passwords. 

While cryptojacking malware traditionally attacked smartphones and 
other small loT devices, “next-generation” malware like WannaMine and 
Smominru are designed to go after desktop machines and servers. 
WannaMine has been reported to eat up so many resources that it has 
caused applications and hardware to crash. Rogue crypto-mining is 
even threatening critical infrastructure. Last week, cryptojacking 
malware was discovered on an industrial control system at a water utility 
in Europe, where it reportedly had a “significant impact” on system 
operations. 

Preventing Cryptojacking 

There are several ways in which your organization can guard against 
cryptojacking: 


* Incorporate cryptojacking into the cyber security training given to your 
IT help desk workers and the rest of your employees. 

* Use network security software to monitor for and block the activity 
needed for crypto-miners to work. 

* Keep your systems and software up-to-date; only older Windows 
machines are susceptible to the Eternal Blue exploit used by 
WannaMine and Smominru. 

* Ensure that all system users are using strong passwords that cannot 
be cracked by Mimikatz. 

* Ensure that all of your employees use ad blocking and anti-crypto¬ 
mining browser extensions. 
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